Preview only show first 10 pages with watermark. For full document please download

Pre-installation Guide

   EMBED


Share

Transcript

Pre-Installation Guide June 2, 2017 - Version 9.5 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - For the most recent version of this document, visit our documentation website. Table of Contents 1 Pre-installation 5 2 Windows updates 5 3 Required certificates for Relativity 5 3.1 Certificate requirements for Service Bus for Windows Server 4 User and group accounts 4.1 Relativity service account 6 7 7 5 Database server setup 7 5.1 Required software 7 5.2 Enable Microsoft DTC 8 5.3 Assign admin permissions to the Relativity service account 8 5.4 Create SQL Server login 8 5.5 Set authentication mode 9 5.6 Create BCP share 5.6.1 Update the permissions on the BCPPath file share 5.7 Optionally configure an authentication token-signing certificate 5.7.1 Pre-installation steps for a token-signing certificate 6 Web server setup 10 10 11 12 12 6.1 Including expiration header in IIS 12 6.2 Setting IIS options 13 6.3 IIS role service configuration 13 6.3.1 IIS roles on Windows Server 2008 R2 13 6.3.2 IIS roles on Windows Server 2012 R2 15 6.4 Enabling the WebSocket protocol 18 6.5 Configuring log file options 18 6.5.1 Log file options for Windows Server 2008 R2 Relativity | Pre-Installation Guide - 2 18 6.5.2 Log file options for Windows Server 2012 R2 6.6 Configuring SSL on a web server 21 25 6.6.1 Obtaining a certificate for your web server 25 6.6.2 Installing a certificate on your web server 25 6.6.3 Configuring HTTPS site bindings 25 6.6.4 Updating the SSL setting on the IIS 26 7 Agent server setup 27 7.1 Enabling Microsoft DTC 27 7.2 Enabling HTTP activation 28 8 Service Bus for Windows Server 28 8.1 Pre-installation steps for Service Bus for Windows Server 29 8.2 Best practices for Service Bus for Windows Server 29 8.3 Online installation for Service Bus for Windows Server 30 8.4 Offline installation for Service Bus for Windows Server 33 8.4.1 Downloading the Web Platform Installer 34 8.4.2 Installing Service Bus for Windows Server 35 8.5 Configuring Service Bus for Windows Server 36 8.5.1 Setting up a new farm 36 8.5.2 Fields in Service Bus Configuration wizard 37 8.5.3 Configuring an auto-generated SSL certificate 40 8.5.4 Optionally adding multiple servers to an existing farm 40 8.5.5 Adding a new message container 42 8.5.6 Troubleshooting the service bus farm 43 9 File (document) share or server 9.1 Create share 44 44 10 Cache location server 45 11 Analytics server setup 45 Relativity | Pre-Installation Guide - 3 11.0.1 Required software 45 11.0.2 Create installation index directory 45 11.0.3 Assign permissions to the analytics directories 45 11.0.4 Required setup 46 12 Index share - dtSearch repository 48 12.1 Create share 48 13 SMTP server setup 48 14 Environment modification for processing or native imaging 49 15 Database server for processing or native imaging 49 15.1 Required software 49 15.2 Relativity Service Account 50 15.3 Create Invariant worker network file path share 50 16 Worker server for processing or native imaging 50 16.1 Required software 50 16.2 Required Microsoft Visual C++ redistributables 53 16.3 Relativity Service Account 53 17 Obtaining applications for native imaging and processing 53 18 Default log file location 54 19 Post-installation considerations 54 19.1 User group for uploading documents 54 19.2 Relativity service account information 54 19.3 Post-installation steps for a token-signing certificate 55 19.4 Logo customization 55 19.5 Resource groups 55 19.6 License keys 55 19.7 Relativity instance name 56 Relativity | Pre-Installation Guide - 4 1 Pre-installation You must complete the pre-installation process to ensure that your environment is configured with the software, user accounts, directories, and other prerequisites required for an initial installation of Relativity. In addition, the Relativity service bus requires that you install and configure Service Bus for Windows Server. As you set up your environment, use the Installation accounts and directories list to record information about your environment configuration that the installation process requires. You can download this document from Pre-Installation on the Relativity 9.5 Documentation site. For additional information, see the System Requirements and Environment Optimization guides. 2 Windows updates Install the latest Microsoft Windows Server and .NET Service Pack on all Relativity servers. Install any smaller security patches, Windows updates, etc. at your own discretion. kCura only tests major service packs, not every Microsoft update. Deploy any patches to your test instance of Relativity first. Ensure that a rollback plan is in place if you discover any issues during deployment. Ensure you disable the option to Install updates automatically on all Relativity servers. Apply any required updates during a planned maintenance window. After installing Windows updates, reboot your machines before attempting to install Relativity. Complete this step to ensure that all Relativity components are properly installed. Incomplete Windows updates lock system files, which may cause silent failures and prevent the proper installation of Relativity components. 3 Required certificates for Relativity Relativity now verifies that all HTTPS services running in your environment have a trusted certificate. The HTTPS services run on the following components of your Relativity installation, so they require that you install valid certificates: n n n n n n n Analytics server Components that connect to the Services API Components that use HTTPS to connect to the REST API Service Host Manager on all web and agent servers for running application-based Kepler services DBMT application Viewer Web servers You need to add certificates to any server in your Relativity environment that is accessed by an HTTPS service. By adding these certificates, you won't see warning messages and insecure- Relativity | Pre-Installation Guide - 5 connection icons displayed as you navigate to different components of your Relativity site. Use these guidelines for installing certificates in your Relativity environment: n n n If your Relativity site is exposed to the internet, install a certificate on any server that users can access with HTTPS services. If Relativity users access your web server with different internal and external names, install a second certificate for the internal name. If you use different internal and external URLs bound to the same IP address on your servers, install a second certificate on the server for the internal IP address. You may want to consider using Server Name Indication (SNI), which is an extension to the Transport Layer Security (TLS). For more information, see IIS 8.0 Server Name Indication (SNI): SSL Scalability on the Microsoft website (http://www.iis.net/learn/get-started/whats-new-in-iis-8/iis-80-server-name-indication-sni-ssl-scalability). Note: If you don't want to use SNI in your environment, then configure separate IP addresses on your web servers for internal and external URLS. You might not be able to use SNI if your IIS or web browser versions don't support it. For information about generating certificates for servers in your Windows domain, see Public Key Infrastructure Design Guidance on the Microsoft site (http://social.technet.microsoft.com/wiki/contents/articles/2901.public-key-infrastructure-designguidance.aspx.) We recommend that you use the Standalone offline root CA referenced in this article. For information on setting up HTTPS for the Service Host Manager on web and agent servers, see Service Host Manager on the Relativity 9.5 Documentation site. 3.1 Certificate requirements for Service Bus for Windows Server The Relativity service bus requires the installation of Service Bus for Windows Server as a prerequisite. To facilitate secure communication, Service Bus for Windows Server requires a certificate. You can use one of the following options for obtaining a trusted certificate: n n Use an existing certificate - You may already have a certificate for externally facing web servers. If the domain name for the certificate matches the fully qualified domain name (FQDN) of the service bus server, you can use this same certificate for both the web server and the service bus. Issue a certificate with an internal certificate authority - If you have access to an internal certificate authority (CA), issue a certificate with the internal FQDN of your service bus server. The certificate must include the following information: Subject name and a subject alternative name Private and public key o Valid start date, end date, and trust chain o AT_KeyExchange set o Corresponding CRL list for the signing authority Auto-generate a certificate - You can use the Service Bus Configuration tool to auto-generate the required certificate when you configure a new farm, which is a cluster of servers. For more information, see Configuring Service Bus for Windows Server on page 36. o o n Relativity | Pre-Installation Guide - 6 4 User and group accounts Configure the following user and group accounts in your environment. 4.1 Relativity service account Make sure that the Relativity services account has local administrator privileges on each of the servers where you want to install Relativity, since you must log in under this account when installing this software. You can find additional requirements for this account under the sections describing how to configure specific servers. For additional information about this account, see Relativity service account information on page 54. The Windows Service Component and the kCura COM Plus Component run under the Relativity Service Account. Verify that this account is configured as follows: n n n n Create account in Active Directory. Add account to the Administrators group on all machines running Relativity components. Disable UAC controls for this account due to the requirement for Windows Server 2008 R2. If using a workgroup, verify that the account has identical credentials on all Relativity servers. Contact the Client Services team ([email protected]) for additional information about configuring workgroups. 5 Database server setup Set up the database server by completing the steps in this section. 5.1 Required software The following software must be installed on the database server: n n n Windows Server 2012 R2 or Windows Server 2008 R2 SP1 SQL Server 2012, SQL Server 2014, or SQL Server 2016 .NET Version 4.5.1(or 4.6.1 which is supported in 9.5.89.76 and above) Fix for Microsoft KB3138319, KB 3151109 and KB3120595: n n n n Cumulative Update 11 for SQL Server 2012 SP 2 Cumulative Update 2 for SQL Server 2012 SP 2 Cumulative Update 5 for SQL Server 2014 SP1 Cumulative Update 13 for SQL Server 2014 Note: Relativity requires Full Text Search from the Database Engine Services feature as part of the SQL Server installation. Relativity | Pre-Installation Guide - 7 5.2 Enable Microsoft DTC Microsoft DTC must be enabled on the SQL Server along with the following configuration changes: 1. Add the Application Server role and select Distributed Transactions. Select Incoming Remote Transactions and Outgoing Remote Transactions. 2. Type dcomcnfg on your Start menu and press Enter to open Component Services. 3. Expand Component Services > Computers > My Computer > Distributed Transaction Coordinator. 4. Right-click Local DTC and click Properties. 5. Click the Security tab. 6. Select the following check boxes: Allow Remote Clients Allow Inbound n Allow Outbound 7. Click Apply. 8. Click Yes to restart the MSDTC service. 9. Click OK. n n 5.3 Assign admin permissions to the Relativity service account You must configure permissions for the Relativity service account on the SQL Server as part of the database setup process. Make sure that the Relativity service account has local administrator and Sysadmin permissions on the SQL Server. 5.4 Create SQL Server login The following login must be added to the SQL Server environment. Set this account to Never Expire and Not Enforce Password policy. Note: The Relativity installer creates this SQL Server account if it doesn't already exist. The EDDSDBO account is the login used by the owner of all objects in the EDDS system databases. Follow these guidelines for configuring this account: n n Authenticate this user with SQL Server Authentication. Give this account only the following server roles: bulkadmin dbcreator o public If you have multiple SQL Servers, create this account on each server with the same name, permissions, and credentials. Make sure that password for EDDSDBO account doesn't contain an equals sign (=). o o n n Relativity | Pre-Installation Guide - 8 5.5 Set authentication mode After creating a SQL Server login, you must set the Windows authentication mode property on the server. Complete the following steps to set the authentication mode: 1. Log in to Microsoft SQL Server Management Studio. 2. Right-click on your server in the Object Explorer, and then click Properties in the menu. 3. On the Server Properties dialog, click the Security page. 4. Under Server authentication, click SQL Server and Windows Authentication mode. 5. Click OK. Relativity | Pre-Installation Guide - 9 5.6 Create BCP share Create a directory on the SQL Server in a location where the Relativity Service Account can read and write. In addition, give SQL services permissions to read from this directory. Follow these guidelines for setting up this directory: n n n n n Make sure that this directory is an actual folder, not merely a drive letter. Confirm that the account running SQL has access to this directory. If it doesn't have access to this folder, it can't create new cases. This directory is used for temporary files during imports, exports, case creations, and dtSearch queries. Place this share on the drive housing the Backup files for optimal performance. This share should be named BCPPath in every instance. If you have multiple SQL Servers, create this share on each server and use the BCPPath as the share name on all servers. Make sure the account running the SQL services has rights to the BCPPath. Bulk import fails when this account doesn't have these rights. Note: Consider setting up an SQL Service Account (that is a domain account with local admin rights). You should review the security requirements of your organization before setting up this account. To create a SQL Server Service account available from Microsoft, see Configure Windows Service Accounts and Permissions (http://msdn.microsoft.com/en-us/library/ms143504.aspx). Complete the following steps to share the folder: 1. 2. 3. 4. 5. 6. 7. 8. Right-click the folder and go to Properties. Open the Sharing tab and click Share. Enter the Relativity Service Account name (domain\account), and click Add. Select the service account on the share list and set the Permission Level to a minimum of Read/Write. Click Share. When the share completes, click Done. On the Document Properties dialog, select the Security tab. Verify that the Relativity Service Account has Full Control security permissions to the folder itself. 5.6.1 Update the permissions on the BCPPath file share In the Failover Cluster Manager, you must update the permission settings for the BCPPath file share to ensure the case creation occurs properly on the failover cluster. When you create the BCPPath on a clustered disk, verify that Enable continuous availability option isn't selected under Settings on the BCPPath Properties page. See the sample settings on the following screen shot: Relativity | Pre-Installation Guide - 10 Note: You must configure this setting only for SQL Server 2012, 2014 and 2016. 5.7 Optionally configure an authentication token-signing certificate When you run the Relativity installer, it automatically adds an authentication token-signing certificate, named RelativityIdentityCertificate, to the certificate store on your primary database server. However, you also have the option to use your own certificate rather than the one created by the Relativity installer. Note: You only need to install an authentication token-signing certificate if you don’t want to use the default certificate called provided by the Relativity installer. Relativity | Pre-Installation Guide - 11 Before you begin installing Relativity, you may want to configure the token-signing certificate in the store on your primary database server. The other servers in your Relativity installation automatically retrieve this certificate information from the EDDS database server, so you don’t need to configure their certificates individually. Note: For a clustered environment, you need to export a copy of your RelativityIdentityCertificate from the primary database server, and install the certificate to each database server hosting the EDDS. 5.7.1 Pre-installation steps for a token-signing certificate You may want to install your custom token-signing certificate on the database server before you install Relativity in your environment. However, you can also complete these steps after installation. Use this procedure to configure your certificate: 1. Obtain a signed certificate and install it on the certificate store on your primary database server. 2. Copy the thumbprint of the certificate for later use. You need this value to update the instance setting after you install Relativity. See Post-installation steps for a token-signing certificate on page 55. 3. Install Relativity on the database and other servers. For more information, see Relativity installation or Upgrading your primary SQL Server on the Relativity 9.5 Documentation site. After you install Relativity complete the steps in Post-installation steps for a token-signing certificate on page 55. 6 Web server setup This section describes how to prepare your web server for installing Relativity. Install the following software on the web server: n n n Windows Server 2012 R2 or Windows Server 2008 R2 SP1 .NET Version 4.5.1 or 4.6.1 supported in9.5.89.76 and higher) IIS 7.5, 8.0, or 8.5 6.1 Including expiration header in IIS You should disable page caching on the web server, as most pages in Relativity are dynamic and change frequently. You must include an expiration header in IIS to avoid page caching. To do this, you must configure the HTTP Response Headers through the IIS UI. To configure the HTTP headers: 1. Double-click HTTP Response Headers from your web server. The HTTP Response Headers window opens. 2. Select Set Common Headers in the Actions column. The Set Common HTTP Response Headers window opens. Relativity | Pre-Installation Guide - 12 3. Select Expire Web Content. 4. Select Immediately. 5. Click Ok. 6.2 Setting IIS options Make these updates on all web servers in your Relativity installation: 1. Install the required versions of the .NET Framework Full Profile on all web servers. 2. Configure the Legacy Unhandled Exception Policy on all web servers: a. Browse to the following directory on your web server: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ b. Open the Aspnet.config file in a text editor. c. Locate the tag . d. Set the enabled attribute to true. This sample code illustrates the attribute that you need to update: e. Save the changes to the file. 6.3 IIS role service configuration Relativity requires that you configure several role services in the IIS. You also have the option of using a full installation of the Web Server (IIS) role. 6.3.1 IIS roles on Windows Server 2008 R2 For the IIS on Windows Server 2008 R2, the following illustration lists the minimum role service requirements for Relativity: Relativity | Pre-Installation Guide - 13 Relativity | Pre-Installation Guide - 14 6.3.2 IIS roles on Windows Server 2012 R2 For the IIS on Windows Server 2012 R2, use this procedure to view the minimum role service requirements for Relativity: 1. Open the Server Manager on Windows Server 2012 R2. 2. Click Manage to display a drop-down menu. 3. Click Add Roles and Features. The Add Roles and Features wizard appears. 4. 5. 6. 7. 8. Click Next on the Before you begin dialog. Click Next on the Select installation type dialog. On the Select destination server dialog, select Server Roles. Select Web Server (IIS), and then click Install. On the pop up window, ensure that Include management tools (if applicable) is checked, and then click Add Features. 9. Click Next to go to the Features page. 10. Review the following illustration for Features configuration settings: Relativity | Pre-Installation Guide - 15 11. Click Next to confirm the applicable Features. 12. Click Next on the Web Server Role (IIS) page. 13. On the Role Service page, review the following illustration for minimum role service requirements for Relativity: Relativity | Pre-Installation Guide - 16 Relativity | Pre-Installation Guide - 17 14. Click Next to confirm the Role Services. 15. Click Install. 6.4 Enabling the WebSocket protocol If you are using Windows Server 2012 R2, Relativity requires that you have the WebSocket protocol enabled on the IIS to support documentation conversion and imaging. Confirm that you have this protocol enabled on your web server. If you don't currently have it enabled on the IIS, see the WebSocket page on the Microsoft web site for instructions about setting it up. It is available at this URL: https://www.iis.net/configreference/system.webserver/websocket. 6.5 Configuring log file options If you enabled logging on the IIS, you can avoid performance and other issues by limiting the size of log files, as well as the number of trace files stored on the IIS. This section describes how to configure these features in your environment for optimum performance. 6.5.1 Log file options for Windows Server 2008 R2 Use the instructions in this section to configure logging settings for Windows Server 2008 R2. 6.5.1.1 Setting file size for IIS requests log Logging is a default role installed on the IIS and enabled in most environments. Use the following instructions to set the maximum size for the log files. Relativity | Pre-Installation Guide - 18 1. Open the IIS Manager. 2. On the IIS dashboard, highlight your server name to display configuration options in the Feature View. 3. Double-click the Logging icon to display the Logging page. The following illustration shows the maximum file size used to restrict the log files from growing larger than 3 MB. You need to adjust this file size to meet the needs of your environment. Relativity | Pre-Installation Guide - 19 6.5.1.2 Setting the file size for failed trace logging If you manually installed the failed trace logging through the Role Services on your IIS, complete the following steps to set the maximum number trace files stored. 1. Open the IIS Manager. 2. On the IIS dashboard, highlight your default web site to display configuration options in the Feature View. Relativity | Pre-Installation Guide - 20 3. Double-click the Failed Request Tracing Rules icon. 4. Right-click on the current set of enabled rules, and then click Edit Tracing Settings. 5. Update the value in the Maximum number of trace files box. This value should be set no higher than 500. 6.5.2 Log file options for Windows Server 2012 R2 Use the instructions in this section to configure logging settings for Windows Server 2012 R2. 6.5.2.1 Setting file size for IIS requests log Logging is a default role installed on the IIS and enabled in most environments. Use the following instructions to set the maximum size for the log files: 1. Open the Server Manager. 2. On the Tools menu, select Internet Information Services (IIS) Manager. 3. Expand the server node to display the Features View. Relativity | Pre-Installation Guide - 21 4. Double-click the Logging icon to display the Logging page. 5. Update the maximum file size for your environment if necessary. The following illustration shows the maximum file size used to restrict the log files from growing larger than 3 MB. Relativity | Pre-Installation Guide - 22 6.5.2.2 Setting the file size for failed trace logging If you manually installed the failed trace logging through the Role Services on your IIS, complete the following steps to set the maximum number trace files stored. 1. 2. 3. 4. Open the Server Manager. On the Tools menu, select Internet Information Services (IIS) Manager. Expand the server node to display the Features View. Highlight the Default Web Site. Relativity | Pre-Installation Guide - 23 5. Double-click the Failed Request Tracing icon to display the Failed Request Tracing Rules page. 6. Right-click on the rules to display a pop-up menu, and then click Edit Site Tracing. 7. Update the value in the Maximum number of trace files box. This value should be set no higher than 500. Relativity | Pre-Installation Guide - 24 6.6 Configuring SSL on a web server Before installing Relativity, we recommend that you set up SSL on the IIS for your Relativity instance. This configuration provides added security for the communication between the web server and the browser on a client computer. Your browser uses this secure connection to verify that it is communicating with the Relativity server. It also provides additional protection against the theft of cookies used to maintain a session between the browser and the server. Note: You aren't required to configure SSL on the web server hosting Relativity. If you decided not to use HTTPS in your environment, you must set the CookieSecure instance setting to False before logging in to Relativity, or you receive an error message. You can also complete this setup after installation but before logging in to Relativity. For more information, see Instance setting table on the Relativity 9.5 Documentation site. The process for configuring SSL on your web server includes these steps: n n n n Obtaining a certificate for your web server below Installing a certificate on your web server below Configuring HTTPS site bindings below Updating the SSL setting on the IIS on the next page 6.6.1 Obtaining a certificate for your web server To set up SSL on your web server, you must obtain a certificate, which is digital identification document used by the browser to authenticate the server. A server certificate contains detailed identification information, such as the name of the organization affiliated with the server content, the name of the organization that issued the certificate, and a public key used to establish an encrypted connection. It provides a way for the browser to confirm the authenticity of web server content and the integrity of the SSL-secured connection before transmitting information. You can obtain a certificate from Microsoft Certificate Services or from a mutually trusted certification authority (CA). A CA confirms your identity to ensure the validity of the information contained in your certificate. In general, you must provide your name, address, organization, and other information. Note: If you don't issue your server certificate through Microsoft Certificate Services, a third-party certification authority must approve your request and issue your server certificate. 6.6.2 Installing a certificate on your web server After obtaining an SSL certificate, install it in the certificate store on your web server. For more information, see Import or export certificates and private keys on the Microsoft Windows website. 6.6.3 Configuring HTTPS site bindings Relativity | Pre-Installation Guide - 25 The IIS resets after you configure the HTTPS site bindings and update the SSL setting as described in the following section. Use these steps to configure HTTPS site bindings: 1. Open the IIS Manager. 2. In the IIS Manager Connections pane, expand Sites. 3. Right -click on the Default Web Site, and then click Edit Bindings on the menu. 4. Click Add to display the Add Site Binding dialog. 5. 6. 7. 8. In the Type drop-down menu, select https. In the SSL certificate drop-down menu, select your certificate. Click OK. You now see https listed in the Type column. Click Close. 6.6.4 Updating the SSL setting on the IIS Use the following steps to configure SSL settings on the IIS: 1. Open IIS Manger. 2. Navigate to the Relativity virtual directory, and then select Relativity. Relativity | Pre-Installation Guide - 26 3. Double-click SSL Settings. 4. Select Require SSL. 5. Click Apply in the Actions pane. 7 Agent server setup An agent server performs background processing. It requires the following software: n n Windows Server 2012 R2 or Windows Server 2008 R2 SP1 .NET Version 4.5.1 (or 4.6.1 which is supported in 9.5.89.76 and above) In most environments, the Relativity installer automatically enables Microsoft DTC and HTTP activation. You may require the following instructions if you need to troubleshoot your installation or if its configuration requires you manually complete these steps. 7.1 Enabling Microsoft DTC You must enable Microsoft DTC on the Agent server along with the following configuration changes: 1. Add the Application Server role and select Distributed Transactions. Select Incoming Remote Transactions and Outgoing Remote Transactions. 2. Type dcomcnfg on your Start menu , and then press Enter to open Component Services. 3. Expand Component Services > Computers > My Computer > Distributed Transaction Coordinator. 4. Right-click Local DTC, and then click Properties. 5. Click the Security tab. 6. Select the following check boxes: Allow Remote Clients Allow Inbound n Allow Outbound 7. Click Apply. 8. Click Yes to restart the MSDTC service. 9. Click OK. n n Relativity | Pre-Installation Guide - 27 7.2 Enabling HTTP activation You must enable HTTP activation on your agent server as follows for Microsoft Windows Server 2012 R: 1. 2. 3. 4. 5. 6. Click Start > Administrative Tools > Server Manager. In the Server Manager Dashboard, click Manage > Add Roles and Features. In the Add Roles and Features, choose Server Selection. Select the server running the agents is selected in the Server Pool box, and then click Next. Click Features in the sidebar of the wizard. Select the following checkboxes in the Feature box: n n .NET Framework 3.5 Features .NET Framework 4.5 Features Make sure that HTTP Activation is installed and selected when you expand each of these sections. 7. Install any missing features are necessary. 8. When the installation is complete, expand .NET Framework 3.5 Features and .NET Framework 4.5 Features to verify that HTTP Activation is installed. See the following screen shot: 8 Service Bus for Windows Server The Relativity service bus requires that you install and configure Service Bus for Windows Server before you install or upgrade Relativity. You can perform an online installation for Service Bus for Relativity | Pre-Installation Guide - 28 Windows Server that requires an internet connection, or an offline installation that requires the internet only to download the installer. For additional information, see the Relativity Service Bus guide. Note: You can optionally install the Service Bus for Windows Server on multiple hosts. The process for installing and configuring Service Bus for Windows Server includes these steps: n n n n n Pre-installation steps for Service Bus for Windows Server below Best practices for Service Bus for Windows Server below Online installation for Service Bus for Windows Server on the next page Offline installation for Service Bus for Windows Server on page 33 Configuring Service Bus for Windows Server on page 36 8.1 Pre-installation steps for Service Bus for Windows Server Before installing Service Bus for Windows Server, complete the following prerequisites: n n n Complete the pre-installation steps for Relativity, such as setting up user accounts and certificates. For more information, see Certificate requirements for Service Bus for Windows Server on page 6. Ensure that you have the prerequisites for Service Bus for Windows Server. You need to meet these requirements to set up your farm correctly. See Planning Your Deployment (https://msdn.microsoft.com/en-us/library/dn441415.aspx). For a typical installation, identify the server or VM where you want to install Service Bus for Windows Server. To install the service bus on multiple hosts, identify the servers or VMs for this purpose. The farm requires that you add an odd number of nodes, but you shouldn't exceed a maximum of five nodes. For more information, see Best practices for Service Bus for Windows Server below. Note: For a typical installation, install Service Bus for Windows Server on a server or VM that is accessible throughout your Relativity instance. Consider installing the service bus on the agent server where you intend to run conversion agents. If you are upgrading from Relativity 9.3 or below and you have a worker server that you are converting into a conversion agent server, you may want to install it on that machine. As another alternative, install the service bus on a machine that meets these minimum requirements: CPU clock speed of 1.6GHz, a CPU core count of 2 or more, and physical memory of 3.5 GB, although 6 GB is recommended. These same guidelines also apply when installing the service bus on multiple hosts. See Best Practices Analyzer (https://msdn.microsoft.com/en-us/library/dn441402.aspx). 8.2 Best practices for Service Bus for Windows Server Use the following guidelines to optimize the Service Bus for Windows Server installation and farm setup: n Service bus installation - For a typical installation, install Service Bus for Windows Server on a server or VM that is accessible throughout your Relativity instance. Consider installing the service bus on the agent server where you intend to run conversion agents. If you are upgrading from Relativity 9.3 or below and you have a worker server that you are converting into a conversion agent server, you may want to install it on that machine. As another alternative, install the service bus on a machine that Relativity | Pre-Installation Guide - 29 n meets these minimum requirements: CPU clock speed of 1.6GHz, a CPU core count of 2 or more, and physical memory of 3.5 GB, although 6 GB is recommended. These same guidelines also apply when installing the service bus on multiple hosts. See Best Practices Analyzer (https://msdn.microsoft.com/en-us/library/dn441402.aspx). Node - A typical Relativity installation requires only a single node in a farm. For a multiple host installation, ensure that you have an odd number of nodes, but don't exceed the maximum of five nodes. Three nodes is a common configuration for most environments configured with multiple hosts. While you can install the service bus on five nodes, determine if your Relativity installation requires these additional nodes. They may result in unnecessary overhead for your environment. Note: During installation or upgrade, the machine for the Relativity service bus must be a node in the farm. n SQL Server instance location - Any machine in the farm can host the service bus databases. We recommend hosting the SQL instance on the Invariant database server. However, you can host it on a SQL instance on a separate machine. The SQL Server instance used for the Service Bus for Windows Server must meet the minimum requirements that Microsoft specifies in Prerequisites on MSDN (https://msdn.microsoft.com/en-us/library/dn441411.aspx).in Prerequisites on MSDN. n Message containers - For a typical Relativity installation with a single node, we recommend using the default value of three message containers in the farm. For a multiple host environment, Microsoft recommends using 2n message containers, where n is the number of nodes. For example, if you install the service bus on three hosts, then you need six message containers. See step 11 in Setting up a new farm on page 36. To review the Microsoft recommendations for message containers, see Scaling on MSDN (https://msdn.microsoft.com/en-us/library/dn441424.aspx). n n Message backing (SQL) high availability - Review the Microsoft recommendations for message backing with high availability, which suggest using SQL mirroring or SQL AlwaysOn availability groups. For more information, see Architecture overview on MSDN (https://msdn.microsoft.com/en-us/library/dn441428.aspx). Server roles - Install the Relativity service bus on a single machine that is a node in the Service Bus for Windows Server farm. In a multiple host environment, install the Service Bus for Windows Server on multiple machines that you want added to your farm. However, you only need to install the Relativity service bus on single machine as in a typical installation. For more information, see Relativity Installation. Note: Make sure that you set up a farm and configure it before you run the Relativity installer. The Relativity installer validates that your environment meets this requirement. See Configuring Service Bus for Windows Server on page 36. 8.3 Online installation for Service Bus for Windows Server To perform an online installation, you must have an internet connection. This process includes downloading the Microsoft Web Platform Installer (Web PI) and then installing the service bus on server or VM in your Relativity environment. See Best practices for Service Bus for Windows Server on the previous page. Relativity | Pre-Installation Guide - 30 Review the following installation considerations: n n n For a typical installation, install Service Bus for Windows Server on a server or VM that is accessible throughout your Relativity instance. Consider installing the service bus on the agent server where you intend to run conversion agents. If you are upgrading from Relativity 9.3 or below and you have a worker server that you are converting into a conversion agent server, you would want to install it on that machine. Follow these same guidelines when installing the service bus on multiple hosts. In a multiple host environment, install the Service Bus for Windows Server on each machine that you want added as a node in the farm. However, you only need to install the Relativity service bus on single machine that is a node in the farm. For more information, see Relativity Installation. Notice that the installer for the Service Bus for Windows Server adds the database files for the service bus to the default locations used by your SQL Server. These database locations differ from those used for the Relativity databases specified in the RelativityResponse.txt file installation input file. You can use the default locations for the Service Bus for Windows Server databases. However, if you want to change these locations, see View or Change the Default Locations for Data and Log Files (SQL Server Management Studio) on the Microsoft website (https://msdn.microsoft.com/enus/library/dd206993.aspx). If you don't have an internet connection, you can perform an offline installation. For more information, see Offline installation for Service Bus for Windows Server on page 33. Use the following steps to install Service Bus for Windows Server: 1. Download the Web PI from Microsoft/web (https://www.microsoft.com/web/downloads/platform.aspx). 2. Click Free Download. 3. Locate the wpilauncher.exe that was downloaded by the installer. It appears in the lower left corner of the browser, or in your download folder. 4. Double-click the wpilauncher.exe file to launch the Web PI. When the Security Warning dialog appears, click Run. Relativity | Pre-Installation Guide - 31 5. On the Spotlight tab, search for Service Bus 1.1. 6. Select Windows Azure Pack: Service Bus 1.1 in the search results. 7. Click Add > Install. 8. Accept the license terms. Relativity | Pre-Installation Guide - 32 9. In the Prerequisites section, click I don't want to use Microsoft Update, and then click Continue. 10. 11. 12. 13. When the installation process completes, click Finish. On the Spotlight tab, search for Service Bus 1.1. Select Windows Azure Pack: Security Update for Service Bus 1.1 (KB2972621). When the installation process completes, click Finish, and then Exit. You have now installed Service Bus for Windows Server. You have now installed Service Bus for Windows Server. 14. Complete the steps for configuring the service bus. For more information, see Configuring Service Bus for Windows Server on page 36. 8.4 Offline installation for Service Bus for Windows Server To perform an offline installation, you only need an internet connection to download the installer. You can then complete the offline installation process on server or VM in your Relativity environment. See Best practices for Service Bus for Windows Server on page 29. Review the following installation considerations: n For a typical installation, install Service Bus for Windows Server on a server or VM that is accessible throughout your Relativity instance. Consider installing the service bus on the agent server where you intend to run conversion agents. If you are upgrading from Relativity 9.3 or below and you have a worker server that you are converting into a conversion agent server, you would want to install it on that machine. Follow these same guidelines when installing the service bus on multiple hosts. Relativity | Pre-Installation Guide - 33 n In a multiple host environment, install the Service Bus for Windows Server on each machine that you want added as a node in the farm. However, you only need to install the Relativity service bus on single machine that is a node in the farm. For more information, see Relativity Installation. n Notice that the installer for the Service Bus for Windows Server adds the database files for the service bus to the default locations used by your SQL Server. These database locations differ from those used for the Relativity databases specified in the RelativityResponse.txt file installation input file. You can use the default locations for the Service Bus for Windows Server databases. However, if you want to change these locations, see View or Change the Default Locations for Data and Log Files (SQL Server Management Studio) on the Microsoft website (https://msdn.microsoft.com/enus/library/dd206993.aspx). After you complete the installation, call the WebPICmd executable using the following command line switches in a command prompt window: n n n n n /list - displays a list of available products. /listoption: - acts as a sub-command used for filtering on a list. /install - installs products available through the Web PI. /offline - downloads the products for use offline. This command downloads products so you can be installed later by running the /install command. /Products: - acts as a sub-command of both the /offline and /install commands. You can use it to indicate which of the available products you want to download and install, respectively. 8.4.1 Downloading the Web Platform Installer You need an internet connection to download the Web Platform Installer (Web PI) used to install the Service Bus for Windows Server. Use the following steps to download the installer: 1. On a machine with an internet connection, complete steps 1 - 8 listed in Online installation for Service Bus for Windows Server on page 30. You should now have installed the Web PI on your machine. Steps 1-4 then click Exit 2. Verify that the WebPICmd.exe file was installed on your machine by locating it in the following folder: %ProgramFiles%\Microsoft\Web Platform Installer 3. Open a Windows PowerShell command prompt. Select Run as Administrator. 4. Run the following /list command to display ServiceBus_1_1 in a list of service bus products: webpicmd /list /listoption:Available|?{ $_.Contains(“ServiceBus”) } Relativity | Pre-Installation Guide - 34 5. Use the following command to download the files for installing Service Bus for Windows Server 1.1 and the Security Update for Service Bus 1.1 (KB2972621): webpicmd /offline /Products:"ServiceBus_1_1,ServiceBus_1_1_CU1" /Path:C:\ServiceBusOfflineFiles 6. Verify that PowerShell displays information about the products that are cached and processed, and the feeds being built. These processes succeeded if you see the message listed in the following screen shot. The path command indicates where the files are downloaded. You can modify this path as necessary. 7. After the download completes, copy the entire /Path directory to the machines in your offline environment where you want to install Service Bus for Windows Server. 8.4.2 Installing Service Bus for Windows Server For a typical Relativity installation, install the Service Bus for Windows Server on the machine that you want added as a node in the farm. For a multiple host environment, repeat this installation process on all the machines that you want added as nodes in the farm. Use the following steps to install the service bus: 1. Open a Windows PowerShell command prompt. Select Run as Administrator. 2. Change to the directory containing the installation files that you downloaded using the /offline command and copied to this machine. See step 7 in Downloading the Web Platform Installer on the previous page. For example, if you download the files to a directory on your hard drive called ServiceBusOfflineFiles, you would execute this command: cd C:\ServiceBusOfflineFiles\ 3. Run the following command to install Service Bus for Windows Server 1.1 and the Security Update for Service Bus 1.1 (KB2972621). Update the initial part of the path displayed after the /xml command with the directory where your files are located. For example, you would replace C:\ServiceBusOfflineFiles Relativity | Pre-Installation Guide - 35 with your file path: .\bin\WebpiCmd.exe /install /Products:"ServiceBus_1_1,ServiceBus_1_1_CU1" /xml:C:\ServiceBusOfflineFiles\feeds\latest\webproductlist.xml 4. Accept the licensing agreement to install the service bus. 5. After the installation completes, verify that you see a message like the one in the screen shot: 6. Complete the steps for configuring the service bus. For more information, see Configuring Service Bus for Windows Server below. 8.5 Configuring Service Bus for Windows Server After installing Service Bus for Windows Server, you need to complete several configuration steps, which include setting up a new service bus farm. A farm consists of one or more servers, or nodes that use the service bus. For troubleshooting information, see the Relativity Service Bus guide. 8.5.1 Setting up a new farm You set up a new farm by adding a single server to it. After completing this process, you can optionally add multiple hosts to the farm. For more information, see Optionally adding multiple servers to an existing farm on page 40. Note: Before you can add a server to a farm, you must install the Service Bus for Windows Server on it. Use the following steps to set up a new farm: 1. Locate the Service Bus Configuration tool on your desktop. The service bus installer automatically installs this tool for you. 2. Launch the Service Bus Configuration tool, and then click With Custom Settings. 3. Complete the fields in the Service Bus Configuration wizard. See Fields in Service Bus Configuration wizard on the next page. 4. After you set the fields in the wizard, click the to display a summary of the information used to configure the service bus. 5. Click the to start the configuration process. 6. Set the DNS for the service bus farm. Execute the following commands with the Service Bus PowerShell tool. This DNS must match the name in the Issued to field on the certificate used for the service bus. Stop-SBFarm Set-SBFarm -FarmDns 'YOUR_DNS' Relativity | Pre-Installation Guide - 36 Update-SBHost Start-SBFarm 7. Verify that the service bus is configured properly by entering your URL into a web browser, and confirming that the following page is displayed. Use this format for the URL: https://:/. 8.5.2 Fields in Service Bus Configuration wizard In the Service Bus Configuration wizard, you need to set the following fields, including the suggested or required values for them. Configure Farm Management Database In this section, click the Advanced Options drop-down to display additional fields. n n n SQL Server Instance - Enter the name or address of the SQL Server where you want to host the SbManagementDB. This SQL instance hosts the databases for your farm. Enable SSL connection with the SQL Server instance - Optionally, click this checkbox to use SSL. Authentication - Complete one of the following tasks to set up authentication for the SQL instance: Windows Authentication - Select this option if your instance supports Windows authentication. SQL Server Authentication - Select this option to use SQL server authentication. Enter credentials in the User Name and Password fields for a Sysadmin account or the EDDSDBO account. Use the above SQL Server instance and settings for all databases - Click this checkbox. Database Name - Optionally, update the name for your database. You can also just use the default name, which is SbManagementDB. Test Connection - Click this button to ensure that you have enter the correct settings for your SQL Server. o o n n n Configure Gateway Database n n n SQL Server Instance - Don't modify the default setting for the Gateway database. Database Name - Don't modify the default name for the Gateway database. Test Connection - Click the button for the database instance. appears next to the server instance when the installer verifies a connection. Configure Message Container Database n n n SQL Server Instance - Don't modify the default setting for the Message Container database. Database Name Prefix - Don't modify the default name for the Message Container database. Number of Containers - Enter a value for the number of containers. For a typical Relativity installation with a single node, we recommend using the default value of three message containers in the farm. For Relativity | Pre-Installation Guide - 37 a multiple host environment, Microsoft recommends using 2n message containers, where n is the number of nodes. For example, if you install the service bus on three hosts, then you need six message containers. For more information, see Best practices for Service Bus for Windows Server on page 29. Note: If you previously configured the number of containers and need to update this value, see Adding a new message container on page 42. n Test Connection - Click this button for the database instance. when the installer verifies a connection. appears next to the server instance Configure Service Account n n User ID - Enter the user ID for the Relativity service account. Password - Enter the password for the Relativity service account. Note: You must use the Relativity service account credentials for the service account on the Service Bus for Windows Server. For more information, see User and group accounts on page 7. Configure Certificate Use one of the following methods to configure a certificate. You can auto-generate a certificate. Alternatively, you can use an existing certificate with the same domain as the FQDN of the service bus server, or you can issue a certificate through an CA. For more information, see Certificate requirements for Service Bus for Windows Server on page 6. n Auto-generate - Select this checkbox to automatically create a certificate. If you select this option , you must enter a value in the following fields: Certificate Generation Key - Enter a certificate generation key of your choice if you are auto-generating a certificate. This key is required if you want to add more hosts to the farm in the future. Complete the steps required to distribute the generated certificate to all agent and web servers. See Configuring an auto-generated SSL certificate on page 40. o Confirm Certificate Generation Key - Renter the key from the previous field. Farm Certificate - If you didn't auto-generate a certificate, click Browse to select the certificate that you want to use for HTTPS communication between the service bus and the clients. For more information, see Certificate requirements for Service Bus for Windows Server on page 6. Encryption Certificate - If you didn't auto-generate a certificate, click Browse to select the certificate used to encrypt all the connection strings in the SbManagementDB database and registry. You configured the SbManagementDB database in Configuring HTTPS site bindings on page 25. For more information, see Certificate requirements for Service Bus for Windows Server on page 6. o n n Configure Ports n Consider using the port numbers in the following table. These port numbers are suggested configuration values. Relativity | Pre-Installation Guide - 38 Port name HTTPS Port Port number 9455 TCP Port 9454 Message Broker 9456 Port n Resource Provider HTTPS Port AMQP Port 9459 AMQPS Port 5681 Internal Communication Port Range 9000 5682 Description Specifies the HTTPS port used for communication with Service Bus for Windows Server. To avoid port conflicts with Data Grid, this value differs from Microsoft's default value. Specifies the TCP port used for communication with Service Bus for Windows Server. To avoid port conflicts with Data Grid, this value differs from Microsoft's default value. Specifies the port used for message broker communication by Service Bus for Windows Server. To avoid port conflicts with Data Grid, this value differs from Microsoft's default value. Specifies the port used for communication with the Service Bus Management Portal. To avoid port conflicts with Data Grid, this value differs from Microsoft's default value. Specifies the AMQP port used for communication with the Service Bus via the AMQP protocol. The default value of 5672 is the industry default for AMQP communication. We recommend changing this value to 5682 to avoid potential port conflicts. Specifies the AMQPS port used for communication with the Service Bus via the AMQP protocol over SSL. The default value of 5671 is the industry default for AMQPS communication. We recommend changing this value to 5681 to avoid potential port conflicts. Specifies the ports used for communication between hosts in the Service Bus farm. Use the default recommended by Microsoft default. It doesn't have any port conflicts with Relativity components. Enable firewall rules on this computer - Select this checkbox. When you select this option, the service bus automatically sets up the necessary rules to communicate over the firewall. If you don't select this option, then the client must configure the necessary rules or the service bus won't function properly. Configure Admin Group n Configure Admin Group - Enter the name of an admin user group. This group has access to the service bus databases and admin access to the farm, including full admin rights on the Service Bus for Windows Server. By default, the Admin Group box is set to BUILTIN\Administrators group, but you can modify the users in this group as necessary. Note: If the admin group is a local group, make sure that it exists on all servers in the farm and the SQL instance specified in Configuring HTTPS site bindings on page 25. Configure Service Bus Namespace n Create a default namespace - Select this checkbox. Optionally, enter a name for the namespace in the textbox. You can use the default value, since Relativity creates an new namespace during installation. Relativity | Pre-Installation Guide - 39 8.5.3 Configuring an auto-generated SSL certificate You can auto-generate SSL certificates for remote clients and then export the CA and Certificate revocation list (CRL) to them. Use the following steps to configure a certificate on a remote client: 1. Log in to the machine where you installed Service Bus for Windows Server. 2. Open the Service Bus PowerShell tool. 3. To export the CA and CRL from a farm node, execute the following cmdlet: Get-SBAutoGeneratedCA If you don't provide file names, the cmdlet exports the CA and CRL to the service bus root folder with the name AutoGeneratedCA.cer and AutoGeneratedCA.crl respectively. The following example illustrates how to run this cmdlet with file names: Get-SBAutoGeneratedCA -CACertificateFileName "C:\CACert.cer" -RevocationListFileName "C:\RevocationList.crl" 4. Import the CA and CRL files to your Relativity servers that need access to the service bus. For example, you need to import the auto-generated service bus certificates to the web and agent servers. 5. On the client machine, open a Microsoft Management Console (MMC) window. On the Start menu, click Run, enter MMC, and then click OK. 6. In the MMC window, click File > Add/Remove Snap-in. The Add/Remove Snap-in dialog box appears. 7. Add the Certificates snap-in by selecting the Computer Account and Local Computer options. Click OK. 8. In the MMC window, right-click the Certificates\Trusted Root Certification Authorities. 9. Open All Tasks, and select Import. 10. Select the AutoGeneratedCA.cer file and import it. 11. In the MMC window, right-click on the Intermediate Certification Authorities. 12. Open All Tasks, and select Import. 13. Select the AutoGeneratedCA.crl file and import it. 8.5.4 Optionally adding multiple servers to an existing farm You can optionally add more servers or nodes to increase the computing power of the service bus. A typical Relativity installation requires only a single node in the farm. For a multiple host installation, you can optionally add three or five nodes to the farm. Three nodes is a common configuration for most environments using multiple hosts. Before adding more nodes to your farm, review these guidelines: n n n n Add nodes that reside in the same domain. Use the fully qualified domain name as the instance address for each machine that you add. Ensure that you have an odd number of nodes. A service bus farm must have an odd number of nodes. For example, it can include one, three, or five nodes. See Best practices for Service Bus for Windows Server on page 29. Don't exceed the maximum of five nodes in the farm. To avoid extra overhead, determine whether your environment needs the additional nodes. Relativity | Pre-Installation Guide - 40 Use the following steps to add another server: 1. Open the Service Bus Configuration tool. 2. Click Join an Existing Farm. (Click to expand) 3. In SQL Server Instance box, enter the name or address of the SQL Server where the SbManagementDB is hosted. 4. Enter the SQL Server instance address. Use the fully qualified domain name for the machine as the instance address. 5. In the Database Name box, enter the name of the database if you modified the default name. 6. Under Advanced Options, click one of these options to set up authentication for the SQL instance: n n n Enable SSL connection with the SQL Server instance - select this option for SSL. Windows Authentication - select this option if your instance supports this authentication type. SQL Server Authentication - if you select this option, enter credentials in the User Name and Password fields. Relativity | Pre-Installation Guide - 41 7. On the Join Service Bus Farm page, enter the User ID and Password for the Relativity service account. For example, you could use [email protected] as the User ID. (Click to expand) 8. Select Enable firewall rules on this computer. Don't enter a value in the Provide Certificate Generation Key box. 9. Click the , and then to start the configuration process. 8.5.5 Adding a new message container After you configure your service bus farm, you can continue to add new message containers to your environment. Adding containers scales the data tier of the service bus. The larger data tier increases the availability of the SQL layer to store messages, queues, topics, and other entities. Review following guidelines to determine the number of message containers required for your service bus: Relativity | Pre-Installation Guide - 42 n n Single node installation - For a typical Relativity installation with a single node, we recommend using the default value of three message containers in the farm. See step 11 in Setting up a new farm on page 36. Multiple node installation - For a multiple host environment, Microsoft recommends using 2n message containers, where n is the number of nodes. For example, if you install the service bus on three hosts, then you need six message containers. To review the Microsoft recommendations for message containers, see Scaling on MSDN (https://msdn.microsoft.com/en-us/library/dn441424.aspx). Use the following PowerShell cmdlets to add a new message container. For more information, see Service bus PowerShell cmdlets in the Relativity service bus guide. n Execute a cmdlet from outside the farm - When you execute a cmdlet from outside the farm, the SBFarmConnectionString points to the management databases of the service bus farm. New-SBMessageContainer –ContainerDBConnectionString -SBFarmConnectionString n Execute a cmdlet from inside the farm - When you execute a cmdlet inside the farm, you call the cmdlet without the SBFarmConnectionString. In this example, the database is called container2. You must specify a unique database name for use in your environment when you run the New-SBMessageContainer command. New-SBMessageContainer -ContainerDBConnectionString "data sourcee=localhost\sqlexpress;database=container2;integrated security=true" 8.5.6 Troubleshooting the service bus farm Review the following list of errors and resolutions to troubleshoot your service bus configuration. For additional troubleshooting information, see Service bus PowerShell cmdlets in the Relativity Service Bus guide. Service Bus Gateway service won't start If you can't start the Service Bus Gateway service, then you may need to install a Windows update. To install this update, see https://support.microsoft.com/en-us/kb/3086798. Timeout error occurs when creating or joining service bus farm If you receive a timeout error when attempting to create or join a service bus farm, you may have a port conflict in your environment. You can check the availability of a port in your environment by running the following netstat command: netstat -na | find "" See the following sample command: netstat -na | find "9455" Relativity | Pre-Installation Guide - 43 If the command doesn’t return a value, then the port is free. For a list of recommended ports, see Configure Ports on page 38. 9 File (document) share or server You can use a file share or server as a repository for documents stored in Relativity. You must create a directory that's used as the root of the directories and documents created through the Relativity system. This file share must be a folder rather than a drive letter. For example, C:\Fileshare instead of just the C drive. In addition, confirm that the Full Text, LDF files, MDF files, and Backups are all specified to the folder level. Don't specify them to only a drive. Note: For information about setting up processing servers, see Database server for processing or native imaging on page 49 and Worker server for processing or native imaging on page 50. 9.1 Create share The document root directory is exposed to the Relativity application through a shared drive. Use these steps to share the folder: 1. 2. 3. 4. 5. 6. Right-click the folder, and go to Properties. Open the Sharing tab, and click Share. Enter the Relativity Service Account name (domain\account), and then click Add. Select the service account on the share list, and then change Permission Level to Co-owner. Enter the Relativity Upload Users group, and then click Add. Select the group on the share list, and then set the Permission Level to Co-owner. Relativity | Pre-Installation Guide - 44 7. 8. 9. 10. Click Share. When the share completes, click Done. On the Document Properties dialog, select the Security tab. Verify that the users and groups you added to the share also have Full Control security permissions to the folder itself. 10 Cache location server The cache location server requires the same permissions as the file share. For more information, see Pre-installation on page 5. Note: During installation or upgrade, Relativity automatically creates a cache location server based on the location of your file repository. You can also manually add cache location servers. For more information, see Cache location servers on the Relativity 9.5 Documentation site. 11 Analytics server setup Before completing the steps for upgrading to Relativity Analytics 9.5, make sure you've completed the steps contained in this section. 11.0.1 Required software The following software must be installed on the analytics server: n n Windows Server 2012 R2 or Windows Server 2008 R2 NET Version 4.5.1 11.0.2 Create installation index directory 1. Create a folder called CAAT on the root of the C: drive. 2. The Analytics index directory must also be created before installing Relativity Analytics. We recommend that you not keep the index directory on the C: drive due to the size requirements. We recommend you use locally-attached storage referenced by a drive letter, i.e. E:\AnalyticsData, rather than a UNC path. For more information, see Index directory requirements in the Analytics Guide. Do not create a local drive map to a UNC. For example, do not open \\servername\CAAT1 and map it to drive Z:. This is because drive mappings are specific to each Windows user and may not be available to the Relativity Service Account. 11.0.3 Assign permissions to the analytics directories You must configure permissions for the necessary directories on the analytics server. Follow these steps to assign the proper permissions: 1. Add the Relativity Service Account user to both the Administrators and the Users group. 2. Navigate to C:\CAAT\ and add Full Control permissions to both the Administrators and the Users group. Relativity | Pre-Installation Guide - 45 n n n n n Right-click on C:\CAAT. Navigate to the Security tab. Edit the Users group permissions and add Full Control. Edit the Administrators group permissions and add Full Control. Click Apply. 3. Navigate to the index directory and add Full Control permissions to both the Administrators and the Users group. n n n n n Right-click on the index directory folder. Navigate to the Security tab. Edit the Users group permissions and add Full Control. Edit the Administrators group permissions and add Full Control. Click Apply. 4. Reboot the server after all user and/or permission changes. 11.0.4 Required setup 1. The web server needs to be able to communicate with the analytics server via TCP ports 445, 8080, and 8443. . 2. Windows Firewall needs to be disabled. 3. Disable anti-virus programs. At minimum it needs to be set to ignore the C:\CAAT installation folder as well as the index directory. 4. Disable UAC settings in your environment in order for the Analytics installer to complete successfully. This has to be set using the following steps on Windows 2012 server to fully disable UAC: n n n n n n Open Regedit. Browse to HKEY_LOCAL_MACHINE / SOFTWARE / Microsoft / Windows / CurrentVersion / policies / system. Double click on EnableLUA. Change the Value data to 0. Click OK. Reboot the server after this change. 5. Ensure that proxy settings are disabled on the analytics server by performing the following steps: n n n Open Internet Explorer on the Analytics server. Go to Tools, and then select Internet Options. Click the Connections tab. Relativity | Pre-Installation Guide - 46 Select LAN Settings and ensure the Proxy server section is cleared: 6. Click OK to save your changes. Relativity | Pre-Installation Guide - 47 12 Index share - dtSearch repository Create a root directory for the directories created by dtSearch index builds within the system. 12.1 Create share The dtSearch index directory is exposed to the Relativity application through a shared drive. Use these steps to share the folder: 1. 2. 3. 4. Right-click on the folder, and then go to Properties. Open the Sharing tab, and then click Share. Enter the Relativity Service Account name (domain\account), and then click Add. Select the service account on the share list, and then set the Permission Level to Co-owner. 5. 6. 7. 8. Click Share. When the share completes, click Done. On the Document Properties dialog, select the Security tab. Verify that the Relativity Service Account also has Full Control security permissions to the folder itself. 13 SMTP server setup Relativity requires access to an SMTP server to handle the delivery of error messages, job notifications, and billing statistics to both internal contacts and to kCura. kCura provides an easy to use SMTP connectivity tool, which Client Services runs against your system to verify the servers can properly communicate with your specified SMTP server. Relativity | Pre-Installation Guide - 48 Note: Make sure that the newly created agent and web servers used in your Relativity environment are configured to permit the relay of messages to external recipients. If you don’t provide this permission, job notifications and other messages are blocked. 14 Environment modification for processing or native imaging Before running the Invariant (worker manager server) installer, you must perform the following steps to modify your environment. Component Environment Configuration Settings Database n n Disable Internet Explorer Enhanced Security Configuration. Disable User Access Control (UAC) and the Windows Firewall. Queue Man- None ager Workers n Enable the Desktop Experience Windows Feature. n Disable Internet Explorer Enhanced Security Configuration for Administrators and Users. n Disable User Access Control (UAC) and the Windows Firewall. Disabling UAC on the worker server suppress pop-ups from the application in which the processing engine opens files. n Set Windows Updates to download, but allow you to choose whether to install. (You can set this option through the Control Panel under System and Security.) For more information, see the Worker manager server Installation guide. 15 Database server for processing or native imaging The following sections provide basic information about setting up the database server for processing or native imaging. For more information, see the Worker manager server Installation guide. Note: If you are only installing Collection or Legal Hold, you do not need this pre-requisite. 15.1 Required software Install the following software on the database server: Relativity | Pre-Installation Guide - 49 n n n Windows Server 2012 R2 or Windows Server 2008 R2 SP1 SQL Server 2012, SQL Server 2014, or SQL Server 2016 .NET Version 4.5.1(or 4.6.1 which is supported in 9.5.89.76 and above) Fix for Microsoft KB3138319, KB 3151109 and KB3120595: n n n n Cumulative Update 11 for SQL Server 2012 SP 2 Cumulative Update 2 for SQL Server 2012 SP 2 Cumulative Update 5 for SQL Server 2014 SP1 Cumulative Update 13 for SQL Server 2014 15.2 Relativity Service Account The Relativity Service Account must be the owner of all objects in the processing databases and have permissions for logging in to the SQL Server environment. It must be set up as follows: n n n Configure the account with Windows Authentication. Ensure that the account has local administrator rights to perform the installation of the native imaging database and queue manager. Ensure that this account has SQL administrator rights. 15.3 Create Invariant worker network file path share Create a directory on the SQL Server in a location where the Relativity Service Account can read and write. Make sure that SQL services can also read from this directory. This directory must be an actual folder, not a drive letter. It stores the installation files for worker servers. 16 Worker server for processing or native imaging The following sections provide basic information about setting up the worker server for processing or native imaging. For more information, see the Worker manager server Installation guide. Note: If you are only installing Collection or Legal Hold, you do not need this pre-requisite. 16.1 Required software Install the following software on the worker server: Required software Description Windows Server 2012, Windows Server 2012 R2, Required server software. or Windows Server 2008 R2 Required server software. .NET Version 4.5.1 (beginning in Relativity 9.2.237.3, released on 6/24/2015) or .NET 4.6.1, supported in 9.5.89.76 and above Relativity | Pre-Installation Guide - 50 Required software Desktop Experience (Windows Server feature) Description Required server software. Microsoft Office 2010 Professional SP2 (32-bit) (recommended) This includes: n or Microsoft Office 2013 Professional (32-bit)* n Note: * Microsoft Office 2013 is supported; however, due to performance degradation during text extraction, it's recommended that you continue to use Office 2010 with Relativity 9.5. Some features found in files created in Office 2013, such as Excel Timeline support, may not be available or render correctly when imaged using Office 2010. Office 2016 is not supported for Relativity 9.5. n n n n Excel – used for Processing and Native Imaging of most spreadsheet based documents (xlsx, xlsm, xlsb, odc, ods, etc.). Word – used for Processing and Native Imaging of DOCX, DOCM, DOTX, DOTM, DOC, etc. Powerpoint – used for Processing and Native imaging of PPTX, PPTM, PPSM, POTX, POTM, etc. Outlook – used for Processing and Native imaging of PST, OST, etc. OneNote – used for Processing and Native Imaging of ONE and TMP files, etc. Publisher – used for Processing and Native Imaging of PUB files, etc. Note: Courier New and Arial Unicode MS fonts must be installed on your machine. These fonts are installed by default when you install Microsoft Office, in which case you must ensure that you don't remove them. Note: Relativity doesn't support add-ins for Microsoft Office. Microsoft Works 6–9 File Converter (only required if you're using Office 2013) If you install Microsoft Office 2013, then the Microsoft Works Converter is also required. There are two ways to get the Microsoft Works 6–9 File Converter: Download it here: https://www.microsoft.com/en-us/download/details.aspx?id=12 n Through the Microsoft Office 2013 installer Used for Processing and Native Imaging of VSD, VDX, VSS, VSX, VST, VSW files. n Microsoft Visio 2010 Professional or Standard SP2 (32-bit) (recommended) or Microsoft Visio 2013 Professional or Standard SP1 (32-bit) Relativity | Pre-Installation Guide - 51 Required software Description Microsoft Project 2010 Professional or Standard Used for Processing and Native Imaging of MPP files. SP2 (32-bit) (recommended) or Microsoft Project 2013 Professional or Standard SP1 (32-bit) Lotus Notes v8.5.2 with Fix Pack 4 or Lotus Notes v8.5.3 with Fix Pack 6 Adobe Reader 4.0 or higher SolidWorks eDrawings Viewer 2016 (64-bit) or Lotus Notes 9.0X is supported but not required. It's recommended that you install Lotus Notes 9 or higher on your workers, as Lotus Notes version 8.5.x can’t read certain Lotus 9 databases. Note that some Lotus 9 databases can't be opened in 8.5.x and will generate an error during processing. Used for Processing and Native Imaging of PDF files. Used for Processing(Text Extraction) and Imaging for CAD files. This component is the only optional component. Solidworks eDrawings Viewer 2017 (64-bit) Note: The Solidworks eDrawings Viewer is not a pre-requisite for general use of Relativity Processing. Solidworks is only required for performing native imaging and text extraction on any supported CAD files in your data sources. Thus, you should install it only on the worker designated to perform these types of jobs. If you attempt to process a CAD file without the Solidworks viewer installed, you receive a simple document-level error prompting you to install it. Once you install the Solidworks viewer, you can retry that error and proceed with your processing job. JungUm Global Viewer v9.0 or higher Hancom Office Hanword 2014 Viewer Relativity | Pre-Installation Guide - 52 This is only required for processing and imaging GUL files (for Korean documents). You can still install processing without this component, but you won't be able to process or image GUL files without it. This is only required for processing and imaging HWP files. You can still install processing without this component, but you won't be able to process or image HWP files without it. 16.2 Required Microsoft Visual C++ redistributables When upgrading to Relativity 9.4/Invariant 4.4 and above, you need to manually install the following versions of C++ on all of your worker servers prior to running the Invariant installation files for your upgrade: n n n Microsoft Visual C++ 2010 Redistributable x86 and x64 Microsoft Visual C++ 2012 Redistributable x86 and x64 Microsoft Visual C++ 2013 Redistributable x86 and x64 Note: This is not required for initial installations of Relativity 9.4/Invariant 4.4 and above, as the installer will automatically install these C++ components. 16.3 Relativity Service Account The Relativity Service Account must be given local administrator rights to each worker server. The installation process uses this account. It must remain logged in to each server to run local processes during native imaging. 17 Obtaining applications for native imaging and processing On the Relativity Native Imaging/Processing worker, you must install additional software to support imaging/processing. Note: If you are only installing Collection or Legal Hold, you do not need this pre-requisite. For convenience, this section includes links to download pages for specific software, which may require licensing or may be downloaded for free: n Lotus Notes v8.5.2 with Fix Pack 4 or Lotus Notes v8.5.3 with Fix Pack 6 Note: When you visit the IBM site to download Lotus Notes, you have the option of buying the software online or downloading a free trial of it. If you select the free trial, you are required to sign in with an IBM user ID, which you must create if you don't already have one. n n n Adobe Reader 4.0 or higher available at http://get.adobe.com/reader/otherversions/ SolidWorks eDrawings 2015 (64-bit), with the option to view 3D XML and PRO/E files JungUm Global Viewer v9.0 or higher available at https://www.jungum.com/ReNew/En/Download/EtcDownload.html Relativity | Pre-Installation Guide - 53 18 Default log file location The default file location for Relativity logs is set by the %RELATIVITY_LOGS% environment variable. Define the variable on all machines in you Relativity environment (web servers, agent servers) except SQL Servers. For more information, see Configure logging. 19 Post-installation considerations After you install Relativity, review the post-installation considerations listed in this section. 19.1 User group for uploading documents You can improve performance when documents are uploaded with the Win Relativity component by creating a group of users with Full Control permissions on the file share used as a document repository. This group can import and export documents in Direct mode, which is significantly faster than Web mode. 19.2 Relativity service account information The Relativity installer automatically creates the Relativity service account. It assigns this account an email address, as the username, and a default password. We highly recommend that you change the default Forms password through the Relativity UI after your complete deploying the software. However, you shouldn’t disabled this account or modify any other the authentication information assigned to it. The Active Directory (AD) domain also includes a Relativity services account, which has the same username. The Relativity services account on this domain must log in to Relativity to perform various tasks, such as running agents and authenticating against the Relativity Services API. The audit history for Relativity often lists the Relativity services account as the user who performed a specific task. To avoid destabilizing your environment, we recommend that you don’t change the user settings in Relativity for this account or the AD domain for this account. Since Relativity uses AD authentication for the Relativity services account only for performing agent tasks, you can change the Forms authentication password through the Relativity UI without encountering any environment issues. As previously mentioned, the Relativity service account is sometimes used to identify the user who performed certain tasks in the software. For example, you might set up a dtSearch index job that includes a private search created by one of your users. The Relativity service account needs access to this private search in order to build the index automatically. It is the only account that can provide this functionality within Relativity. Relativity | Pre-Installation Guide - 54 19.3 Post-installation steps for a token-signing certificate After installing Relativity, you must update the IdentityCertificateThumbprint instance setting. For more information about the IdentityCertificateThumbprint instance setting, see Instance setting values on the Relativity 9.5 Documentation site. Note: To minimize any interruption to your Relativity workflows, we recommend that you complete the following process during off-hours. Use this procedure to update the instance setting: 1. Access the instance setting table on the EDDS database. For more information, see Instance setting table on the Relativity 9.5 Documentation site. 2. Update the setting for the IdentityCertificateThumbprint instance setting value with the certificate thumbprint for your token-signing certificate. See step 2 in Pre-installation steps for a token-signing certificate on page 12. 3. Log in to your web server. 4. Restart the IIS through the IIS Manager or by running the IISReset command-line utility. Note: When your certificate expires, you must update the thumbprint in the IdentityCertificateThumbprint instance setting with the one for the new certificate. You also need to restart the IIS and the individual services as described in step 4. You won’t be able to log in to Relativity unless you complete these steps. 19.4 Logo customization Customize your Relativity web interface with your company’s logo. To accommodate variable space requirements, provide two logos with different sizes. The height may be 50 pixels and the width is discretionary. You can hide the logo using a setting in the Instance setting table. The name of the logo file is also set in the Instance setting table. Add the logos to the images folder at the root of the EDDS directory. 19.5 Resource groups A workspace doesn't contain resource servers after you install Relativity. After the agents start up, the servers self-register, but they aren't automatically associated with a resource group. To associate these servers to a resource group, you must manually add them through the Resource Group tab available only from Home. For more information, see Servers in the Admin guide. 19.6 License keys After you install Relativity, you need to either activate new licenses or renew your current ones by requesting and applying activation keys for the applications you intend to use in your Relativity instance, including Processing. Relativity licensing includes flexible options that you can tailor to the Relativity | Pre-Installation Guide - 55 size, type, and other requirements of your organization as part of your contractual agreement with kCura. For more information, see the Relativity Licensing Guide. 19.7 Relativity instance name During a first-time installation, you must provide a name for your Relativity instance. This value is displayed on License details page available through the License tab. It is stored as the Instance setting in the kCura.LicenseManager section of the Instance setting table on the EDDS database. Note: Modifying the instance name by updating this setting in the Instance setting table immediately invalidates your Relativity and Processing licenses. When you request a Relativity license, this instance name is included in the request key. Contact the Client Services team ([email protected]) for additional information. In the RelativityResponse.txt file, the RELATIVITYINSTANCENAME value records the Relativity Instance Name option when you perform a first-time installation. For more information see, Relativity installation on the Relativity 9.5 Documentation site. Relativity | Pre-Installation Guide - 56 Proprietary Rights This documentation (“Documentation”) and the software to which it relates (“Software”) belongs to kCura LLC and/or kCura’s third party software vendors. kCura grants written license agreements which contain restrictions. All parties accessing the Documentation or Software must: respect proprietary rights of kCura and third parties; comply with your organization’s license agreement, including but not limited to license restrictions on use, copying, modifications, reverse engineering, and derivative products; and refrain from any misuse or misappropriation of this Documentation or Software in whole or in part. The Software and Documentation is protected by the Copyright Act of 1976, as amended, and the Software code is protected by the Illinois Trade Secrets Act. Violations can involve substantial civil liabilities, exemplary damages, and criminal penalties, including fines and possible imprisonment. ©2017. kCura LLC. All rights reserved. Relativity® and kCura® are registered trademarks of kCura LLC. Relativity | Pre-Installation Guide - 57